I posted some time ago answering tinh_x7 and because of that, I found that I cannot renew or create new certificates. I have port 80 forwarded to my OMV box but I get an error that Let's Encrypt can't "access" /var/www/openmediavault/acme-challenge/(some random string of numbers/letters).

After I changed the WebRoot path from /var/www/openmediavault/ to /media/54bf67db-da31-4c50-bb3c-27140944b223/www/owncloud, this is the new log:

It said: Error: the configuration object is in use...

It looks like your DNS entries are not set up correctly, based on:
"To fix these errors, please make sure that your domain name was entered correctly and the DNS A record(s) for that domain contain(s) the right IP address"

Have you recently made a change to your DNS records? It can take a while to populate.
Also try manually creating the folder and files in your webroot to test and make sure those directories are accessible. For example:

Then go to server.xyz.com/test.html
If you do not get a webpage that says "Test" then your webroot is configured wrong.
(Clean up your test files: rm -r /media/54bf67db-da31-4c50-bb3c-27140944b223/www/owncloud/.well-known)

Otherwise I would post on the Let's Encrypt forums; you will get more prompt and knowledgeable support. My knowledge domain is limited to this one specific use case of Let's Encrypt. If you find anything else, please bring back the information so we can try to incorporate it into the plug-in.

I've got my OpenMediaVault accessible only from within my LAN. Having an SSL certificate so web browsers stop complaining when I visit my OpenMediaVault sounds nice, as well as security improvements against attackers that may have gained entry through WiFi, but it's not immediately apparent to me how to use this service.

Do I have to have a domain name to use this?

Do I need to set up a separate public web server as well?

Is this actually going to be a net decrease in security for me opening up my OpenMediaVault to the Internet for LetsEncrypt validation?

1. You need to own the domain that you plan to use with Let's Encrypt.
2. You can use it on the same system as OMV, running on a different port.
Your web server can be installed in /media/UUID/.... or /var/www/

You don't have to open OMV to the world, just your web service(s) or services that you need to access from outside.

My OMV is on port 8080. I have nginx installed. My webpage is on port 80. But with the possibility of LE I now want to change to SSL. My router is opened for port 80 with a port forwarding to port 80 of my internal IP address for my webpage.

To use SSL I also open 443 on the router with a port forwarding to port 443 of my internal IP address.

I hope everything is right up to here.

My webpage is in the folder /media/UUID/webpage. Is it right to put this also in the LE plugin under webroot?

If this is all correct, is it right that I need this port 80 opened to my webpage to get LE to work, also for updating?

Because what I normally want is that if somebody is coming from outside without SSL on port 80, he is redirected to the SSL part. But how can I get this to work with nginx when I also want to use the autoupdate for LE?

Would be nice if somebody can explain it for nginx and not only SNI Proxy.

OK, I now got it and found a nice solution to get everything to work, only using SSL (redirecting to SSL when coming in without) and also using Let's Encrypt including update. And all of this without SNI Proxy, just with NGINX.

My router is forwarding port 80 to port 443 of the internal IP address of the server, and 443 also to 443 of the server.

My nginx server config looks like this:

    server {
        listen [::]:443 ssl ipv6only=off;
        ssl_certificate /etc/ssl/certs/openmediavault....ab.crt;
        ssl_certificate_key /etc/ssl/private/openmediavault...ab.key;
        server_name vhost1.mydoamain.org;
        set $root_path "/media/UUID/.../";
        root $root_path;
        index index.html index.php;
        set $socket "unix:/var/run/fpm-74dff9ad-4c79-4ff1-85fa-7a4ead13d8e2.sock";
    }

"error_page 497 https://$host$request_uri;" brings everybody who enters without "https" to the SSL page. This also works if you don't use the standard ports for SSL. Then just change it to, for example, "https://$host:1234$request_uri;", that is, put the port number after $host.
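
The setup described in the post above, written out as one complete server block. This is an added example, not part of the original post or the plugin; the host name, certificate file names and webroot path are placeholders, and the acme-challenge location is an assumption about where a webroot-mode client writes its challenge files.

```nginx
# Added example. Placeholders: vhost1.example.org, example.crt/example.key,
# /media/UUID/webpage (the directory also entered as WebRoot in the plugin).
server {
    # Single TLS listener for IPv4 and IPv6. The router forwards WAN port 80
    # and WAN port 443 to this port, so plain-HTTP requests arrive here too.
    listen [::]:443 ssl ipv6only=off;
    server_name vhost1.example.org;

    ssl_certificate     /etc/ssl/certs/example.crt;
    ssl_certificate_key /etc/ssl/private/example.key;

    root  /media/UUID/webpage;
    index index.html index.php;

    # nginx assigns status 497 to a plain-HTTP request received on a TLS port.
    # Mapping it to a URL makes nginx answer with a 302 redirect to HTTPS.
    # The Let's Encrypt HTTP-01 validator starts on port 80 and follows this
    # redirect, but only to port 80 or 443. A redirect to another port
    # (https://$host:1234...) still works for browsers but not for validation.
    error_page 497 https://$host$request_uri;

    # Challenge files the ACME client writes under the webroot. The ^~ prefix
    # keeps regex locations (PHP handlers, rewrites) from capturing these
    # requests, and try_files returns 404 instead of falling through to an
    # application front controller.
    location ^~ /.well-known/acme-challenge/ {
        default_type text/plain;
        try_files $uri =404;
    }
}
```

With this layout only the web server's vhost is reachable from outside; the OMV web interface on its own port is not forwarded by the router.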